Mozilla to pull antiphishing feature from Firefox 2.0 at Google's request
The browser protection relies on an older blacklist protocol
Computerworld - Mozilla Corp. will drop antiphishing protection from the final version of Firefox 2.0 at Google Inc.'s request when Mozilla updates the browser later this month, a company executive confirmed today.
When Mozilla rolls out Firefox 22.214.171.124, the browser will be missing the antiphishing feature that the aging browser has sported since it debuted in 2006, said Mike Beltzner, director of Firefox, in an e-mail today.
"The latest published update for Firefox 2, which is Version 126.96.36.199, has the Phishing Protection feature enabled and working," Beltzner said. "However, the next planned update for Firefox 2, Version 188.8.131.52, will be required to disable this feature."
Firefox 184.108.40.206, which will be the last security update for the browser before Mozilla discontinues support, is currently slated to ship on Dec. 16, according to notes from a status meeting earlier this week. Mozilla's policy is to support a browser for six months after it has been superseded by a new version. The company unveiled Firefox 3.0 in mid-June.
Dubbed "Phishing Protection" by Mozilla, the feature warns users when they attempt to reach a site suspected of hosting identity theft scams. The list of blocked sites is generated by Google, the search company that provided 88% of Mozilla's revenue during 2007.
Beltzner said Google asked Mozilla to disable the feature in Firefox 220.127.116.11 because the older browser line uses an obsolete protocol.
"The Phishing Protection feature in Firefox 2 relies on data provided by Google via the first version of the SafeBrowsing protocol," said Beltzner, who explained that Google and Mozilla had worked together to update the protocol, first to SafeBrowsing v2.1 late last year, and more recently, to SafeBrowsing v2.2.
Firefox 3.0 has relied on SafeBrowsing v2.1 since its release several months ago, but is transitioning to v2.2 this month for its antiphishing and anti-malware features, both which ping Google's servers for blacklists.
"Now that Firefox 2 is reaching the end of its support life span, we have been asked to turn this feature off as Google will no longer be supporting requests using the obsolete SafeBrowsing v1 protocol," said Beltzner.
Users who download Firefox 18.104.22.168, or update to that version later this month, will be told that the feature has been switched off, Beltzner said.
Firefox 3.0, which is currently at 3.0.4 and scheduled to update to 3.0.5 at the same time Mozilla ships the final Firefox 2.0 update, will continue to offer antiphishing protection. Users of the older browser can update to the newer line by downloading Firefox 3.0, or accepting the automatic upgrade offer that will begin reaching them today.
Beltzner said that Mozilla won't offer any antiphishing work-arounds for Firefox 22.214.171.124 users who want to keep using the older browser, but noted that there are similar tools available elsewhere. Alternatives to Firefox's built-in protection include the Netcraft Toolbar, WOT (Web of Trust) and FirePhish extensions, which can be downloaded from Mozilla's add-on site.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts